UFW Blocks samba

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
Post Reply
JayBird707
Level 2
Level 2
Posts: 80
Joined: Sat Jan 30, 2016 9:56 pm

UFW Blocks samba

Post by JayBird707 » Sun Dec 03, 2017 6:53 pm

Thanks for reading and trying to lend a hand.

I don't know what I or some application touched but now I can't use Samba with UFW running. If I turn off UFW I can see all my smb clients. I uninstalled and reinstalled UFW and Samba and no change. I have the same rules in UFW I've always used, here a conpy of UFW Status:

Code: Select all

jeffrey@jeffrey-HP-Compaq-Pro-6300-SFF ~ $ sudo ufw status
[sudo] password for jeffrey: 
Status: active

To                         Action      From
--                         ------      ----
137,138/udp                ALLOW       Anywhere                  
139,445/tcp                ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  
137,138/udp (v6)           ALLOW       Anywhere (v6)             
139,445/tcp (v6)           ALLOW       Anywhere (v6)             
22/tcp (v6)                ALLOW       Anywhere (v6)             

137,138/udp                ALLOW OUT   Anywhere                  
139,445/tcp                ALLOW OUT   Anywhere                  
22/tcp                     ALLOW OUT   Anywhere                  
137,138/udp (v6)           ALLOW OUT   Anywhere (v6)             
139,445/tcp (v6)           ALLOW OUT   Anywhere (v6)             
22/tcp (v6)                ALLOW OUT   Anywhere (v6)  
I've rebooted, stood on my head and crossed my fingers and still the only way to see the network clients is by turning UFW Off. Here's my System Info Report:

Code: Select all

 System:    Host: jeffrey-HP-Compaq-Pro-6300-SFF Kernel: 4.10.0-40-generic x86_64 (64 bit gcc: 5.4.0)
           Desktop: Cinnamon 3.6.6 (Gtk 3.18.9-1ubuntu3.3) dm: lightdm Distro: Linux Mint 18.3 Sylvia
Machine:   System: Hewlett-Packard product: HP Compaq Pro 6300 SFF Chassis: type: 4
           Mobo: Hewlett-Packard model: 339A Bios: Hewlett-Packard v: K01 v02.90 date: 07/16/2013
CPU:       Quad core Intel Core i5-3570 (-MCP-) cache: 6144 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 27136
           clock speeds: min/max: 1600/3800 MHz 1: 1601 MHz 2: 1689 MHz 3: 1608 MHz 4: 1623 MHz
Graphics:  Card: NVIDIA G98 [GeForce 9300 GE] bus-ID: 01:00.0 chip-ID: 10de:06e0
           Display Server: X.Org 1.18.4 drivers: nvidia (unloaded: fbdev,vesa,nouveau)
           Resolution: 1366x768@59.79hz
           GLX Renderer: GeForce 9300 GE/PCIe/SSE2
           GLX Version: 3.3.0 NVIDIA 340.102 Direct Rendering: Yes
Audio:     Card Intel 7 Series/C210 Series Family High Definition Audio Controller
           driver: snd_hda_intel bus-ID: 00:1b.0 chip-ID: 8086:1e20
           Sound: Advanced Linux Sound Architecture v: k4.10.0-40-generic
Network:   Card: Intel 82579LM Gigabit Network Connection
           driver: e1000e v: 3.2.6-k port: f040 bus-ID: 00:19.0 chip-ID: 8086:1502
           IF: eno1 state: up speed: 1000 Mbps duplex: full mac: <filter>
Drives:    HDD Total Size: 6501.3GB (46.2% used)
           ID-1: /dev/sda model: ST31000524AS size: 1000.2GB serial: 6VPD7F1N
           ID-2: /dev/sdb model: SAMSUNG_HM500JI size: 500.1GB serial: S1YMJ10S503982
           ID-3: USB /dev/sdd model: 10EADS_External size: 1000.2GB serial: WD-WCAV50182493
           ID-4: USB /dev/sdc model: My_Book_25EE size: 4000.8GB serial: 574343374B344C4139324C38-0:0
Partition: ID-1: / size: 30G used: 8.5G (31%) fs: ext4 dev: /dev/dm-0
           ID-2: /var size: 4.8G used: 1.8G (40%) fs: ext4 dev: /dev/dm-1
           ID-3: /boot size: 464M used: 172M (40%) fs: ext4 dev: /dev/sda1
           ID-4: /home size: 591G used: 272G (49%) fs: ext4 dev: /dev/dm-2
           ID-5: swap-1 size: 8.39GB used: 0.00GB (0%) fs: swap dev: /dev/sda2
RAID:      System: supported: N/A
           No RAID devices: /proc/mdstat, md_mod kernel module present
           Unused Devices: none
Sensors:   System Temperatures: cpu: 29.8C mobo: 27.8C gpu: 0.0:58C
           Fan Speeds (in rpm): cpu: N/A
Repos:     Active apt sources in file: /etc/apt/sources.list.d/google-chrome.list
           deb [arch=amd64] http: //dl.google.com/linux/chrome/deb/ stable main
           Active apt sources in file: /etc/apt/sources.list.d/kdenlive-kdenlive-stable-xenial.list
           deb http: //ppa.launchpad.net/kdenlive/kdenlive-stable/ubuntu xenial main
           deb-src http: //ppa.launchpad.net/kdenlive/kdenlive-stable/ubuntu xenial main
           Active apt sources in file: /etc/apt/sources.list.d/official-package-repositories.list
           deb http: //packages.linuxmint.com sylvia main upstream import backport #id:linuxmint_main
           deb http: //archive.ubuntu.com/ubuntu xenial main restricted universe multiverse
           deb http: //archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse
           deb http: //archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse
           deb http: //security.ubuntu.com/ubuntu/ xenial-security main restricted universe multiverse
           deb http: //archive.canonical.com/ubuntu/ xenial partner
Info:      Processes: 265 Uptime: 5 min Memory: 928.4/18006.5MB
           Init: systemd v: 229 runlevel: 5 default: 2 Gcc sys: 5.4.0 alt: 4.9
           Client: Unknown python2.7 client inxi: 2.2.35   
Any advice or pointing ion the right direction is appreciated.
Dell Studio 1737 Laptop: HP6300 Desktop: HP8000 SFF Desktop all on Linux Mint!

User avatar
Joe2Shoe
Level 4
Level 4
Posts: 247
Joined: Wed Oct 18, 2017 8:12 pm
Location: Ozone

Re: UFW Blocks samba

Post by Joe2Shoe » Sun Dec 03, 2017 9:59 pm

"Tolerance is the refuge of men without conviction."
"Common sense is not so common" - Voltaire

User avatar
Joe2Shoe
Level 4
Level 4
Posts: 247
Joined: Wed Oct 18, 2017 8:12 pm
Location: Ozone

Re: UFW Blocks samba

Post by Joe2Shoe » Sun Dec 03, 2017 10:01 pm

Possibly the simplest way currenly (2015):

sudo ufw allow Samba
"Tolerance is the refuge of men without conviction."
"Common sense is not so common" - Voltaire

User avatar
greerd
Level 5
Level 5
Posts: 940
Joined: Sat Jul 31, 2010 10:58 am
Location: Nova Scotia, Canada

Re: UFW Blocks samba

Post by greerd » Sun Dec 03, 2017 10:10 pm

You could try allowing the ip addresses and ports of your samba clients, for example

Code: Select all

sudo ufw allow proto udp from xx.xx.xx.xx to any port 137:138
sudo ufw allow proto tcp from xx.xx.xx.xx to any port 139:445 
where xx.xx.xx.xx is the address of one of your samba clients. Do the same for all clients.

Also you might want to consider deleting the ipv6 rules if you don't use them. Note that rules created this way cannot be deleted from gufw, they must be deleted using ufw commands.

One way to delete a specific rule created this way is to list the rules numbered sudo ufw status numbered, find the rule number and then sudo ufw delete # (where # is the rule number)

Good luck
Image

psicotron3
Level 1
Level 1
Posts: 2
Joined: Mon Dec 04, 2017 8:45 pm

Re: UFW Blocks samba

Post by psicotron3 » Tue Dec 05, 2017 10:31 am

There's a topic with workaround for this problem: viewtopic.php?p=1396779#p1396779

Maybe one of the solutions work for your situation.

JayBird707
Level 2
Level 2
Posts: 80
Joined: Sat Jan 30, 2016 9:56 pm

Re: UFW Blocks samba

Post by JayBird707 » Wed Dec 06, 2017 1:51 pm

Let me begin by thanking everyone for their input.
I have found that the best thing for me to do is to follow these steps:
1- Disable UFW
2- In Nemo use File>Connect to Server using the remote host's IP address connect to the shared folder and create a Bookmark.
3- Enable UFW and add the Samba rule.

On my network it's not that bad since I use all Static IP addresses.

It's hard to believe from all the replies and research that a this browsing problem has existed for years.
Dell Studio 1737 Laptop: HP6300 Desktop: HP8000 SFF Desktop all on Linux Mint!

stanley82
Level 2
Level 2
Posts: 83
Joined: Sat Jan 28, 2012 11:01 pm

Re: UFW Blocks samba

Post by stanley82 » Mon Mar 05, 2018 10:15 pm

From the look of it I should stop fighting this one as like you said it's been around for years. I've also tried unblocking ports 22 and 88 to no avail. Also if you look at my previous post "Samba restart and LM15 and LM18.3" the latter part indicates that LM15 and LM18 samba versions work differently. Regards Ian.

stanley82
Level 2
Level 2
Posts: 83
Joined: Sat Jan 28, 2012 11:01 pm

Re: UFW Blocks samba

Post by stanley82 » Mon Mar 05, 2018 10:18 pm

Ian again.
What is curious is disabling the FW then click to mount the directory then enable the FW you can access the files in the now mounted directory. Regards Ian.

altair4
Level 19
Level 19
Posts: 9018
Joined: Tue Feb 03, 2009 10:27 am

Re: UFW Blocks samba

Post by altair4 » Tue Mar 06, 2018 8:48 am

@JayBird707
I have found that the best thing for me to do is to follow these steps:
1- Disable UFW
2- In Nemo use File>Connect to Server using the remote host's IP address connect to the shared folder and create a Bookmark.
3- Enable UFW and add the Samba rule.
Are you absolutely positively sure that step1 is necessary when accessing the server by ip address?

It was easy to reproduce your symptom in Mint 18.3:
** Enable the firewall.
** Allow Samba on all systems
** Go to Nemo > Network > Windows Network and you will error out.

But if I keep the firewall in place and go to smb://ip-address or use the mdns qualified hostname ( the host name of the server with a .local attached at the end - as in smb://hostname.local ) I can connect.

This problem started with Linux Kernel 4.8 but it relates only to netbios name resolution. In an all Linux network you don't have to use netbios. You can use mDNS or ip addresses if they are all static.

You can even set up an avahi / smb registration so that your machine will automatically show up under Nemo > Network ( and not under "Windows Network" - the netbios part ). This also worked in my experiment with ufw enabled.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.

JayBird707
Level 2
Level 2
Posts: 80
Joined: Sat Jan 30, 2016 9:56 pm

Re: UFW Blocks samba

Post by JayBird707 » Tue Mar 06, 2018 1:59 pm

I had forgotten about this post since the work around last December. Since upgrading to 4.13 Kernel I no longer have to disable UFW to connect with Nemo using File>Connect to Server... Once I do this I create a Bookmark and then I'm good forever.

So you are correct altair4 Step 1 is no longer needed. You are also correct that now you can type in smb://ip-address and connect. You still must disable UFW if I want to use Nemo solely as a GUI to navigate to the network hosts.
The avahi / smb registration for me is just too much work.
Dell Studio 1737 Laptop: HP6300 Desktop: HP8000 SFF Desktop all on Linux Mint!

altair4
Level 19
Level 19
Posts: 9018
Joined: Tue Feb 03, 2009 10:27 am

Re: UFW Blocks samba

Post by altair4 » Tue Mar 06, 2018 2:06 pm

JayBird707 wrote:
Tue Mar 06, 2018 1:59 pm
The avahi / smb registration for me is just too much work.
Well, luckily for you Mint 19 will do it for you automatically. Unless ... um ... Mint deviates from it's Ubuntu roots again.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.

stanley82
Level 2
Level 2
Posts: 83
Joined: Sat Jan 28, 2012 11:01 pm

Re: UFW Blocks samba

Post by stanley82 » Wed Mar 07, 2018 6:13 pm

If you go here "viewtopic.php?f=157&t=185410#p960482" and follow the instructions in the first reply that will fix things. You can also check out my experience at "viewtopic.php?f=157&t=265213". Ian

Post Reply

Return to “Other networking topics”